Skip to content
You are reading Hyperledger Besu development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.
Last update: January 20, 2021


By default, each participant in a privacy network uses its own Besu and Orion node.

Multi-tenancy allows multiple participants to use the same Besu and Orion node. Each participant is a tenant, and the operator is the owner of the Besu and Orion node.


The operator is responsible for configuring multi-tenancy, and has access to all tenant data.



Ensure the multi-tenant Orion node client API is configured to allow access only by the multi-tenant Besu node. Access to your data is secured through Besu using multi-tenancy mode.

If not configured to allow access only by the multi-tenant Besu node, other Orion clients, including other Besu nodes, might be able to access tenant data.

To secure access, you can configure TLS between Besu and Orion with the whitelist trust mode.

Multi-tenancy validates that tenants have permission to use the specified HTTP or Websocket JSON-RPC requests, and the tenant has access to the requested privacy data. Private data is isolated and each tenant uses a JSON Web Token (JWT) for authentication.

You can create the JWT either externally or internally.

Questions or feedback? You can discuss issues and obtain free support on Hyperledger Besu chat channel.
For Hyperledger Besu community support, contact the mailing list